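/**
 * Express-style middleware that attaches the caller's identity to the request.
 *
 * Reads the `x-user-id` request header and, when it is present and non-empty,
 * stores it as `req.user = { userId }` before handing control to `next()`.
 * Despite the name, no token is parsed or verified here.
 *
 * NOTE(review): the identity is taken verbatim from a request header. That is
 * only sound if a trusted upstream component (gateway / reverse proxy)
 * authenticates the caller and overwrites any client-supplied `x-user-id`.
 * Confirm the deployment; if this service is directly reachable, verify a
 * signed credential (session or token) here instead.
 *
 * @param {object} req - Incoming request; `req.headers` is read, `req.user` is set.
 * @param {object} res - Response object (unused).
 * @param {Function} next - Continuation invoked once the identity is attached.
 * @throws {{code: number, message: string}} `{ code: 401, ... }` when the header
 *   is missing or empty. A plain object is thrown (not an Error) to keep the
 *   shape existing error handlers receive.
 */
const authenticateToken = (req, res, next) => {
  // The full header map is deliberately not logged: it can carry credentials
  // (Authorization, Cookie, API keys) that must not end up in application logs.
  const userId = req.headers['x-user-id'];
  if (!userId) {
    throw { code: 401, message: "无效的用户。" };
  }
  // Only the id is known at this point; roles are not populated here.
  req.user = { userId };
  next();
};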

/**
 * Express-style middleware that lets the request through only when the
 * `x-user-role` request header is exactly the string 'admin'.
 *
 * The decision is based on the header alone; `req.user` is not consulted.
 *
 * NOTE(review): the role is a value the sender of the request supplies. This
 * check is meaningful only if a trusted upstream component sets or strips
 * `x-user-role` before the request arrives here. Confirm the deployment, or
 * derive the role from a server-side record of the authenticated user.
 *
 * @param {object} req - Incoming request; only `req.headers` is read.
 * @param {object} res - Response object (unused).
 * @param {Function} next - Continuation invoked when the role check passes.
 * @throws {{code: number, message: string}} `{ code: 403, ... }` for any other
 *   role value, including a missing header.
 */
const authorizeAdmin = (req, res, next) => {
  const { 'x-user-role': claimedRole } = req.headers;
  const isAdmin = claimedRole === 'admin';

  if (isAdmin) {
    next();
    return;
  }

  throw { code: 403, message: "请联系管理员授权为admin角色。" };
};

module.exports = { authenticateToken, authorizeAdmin };
